News
One critical and six important Microsoft patches to start 2012
Posted by Tamas Rudnai on 12 January 2012 08:13 PM

The start of the Olympic year of 2012 sees a quick release of 7 patches from Microsoft, including 1 that addresses a critical vulnerability that allows remote code execution when exploited. Websense® Security Labs strongly recommends that you update to the latest patches to avoid attacks from cyber criminals.

Not surprisingly, Microsoft marked the recently discovered MIDI vulnerability (CVE-2012-0003) as critical, as it received huge publicity at the beginning of the year and is likely to be seen in exploit kits in the near future. With this bug, an attacker can run arbitrary code on a remote computer using a specially crafted MIDI file. The executed code runs with the same privileges as the local user, so a well-defined user policy could prevent further damage on the computer. Another patch in this latest bulletin fixes the DirectShow remote code execution vulnerability (CVE-2012-0004). With this one, an attacker can execute malicious code on a remote computer without user interaction using a specially crafted media file.

The infamous BEAST (Browser Exploit Against SSL/TLS) vulnerability has also been fixed with the January Tuesday Patch. With this vulnerability (identified as CVE-2011-3389 by mitre.org), a cyber criminal can act as a "man-in-the-middle" and interfere with the SSL (Secure Sockets Layer) protocol. As a result, an attacker can obtain the HTTP header in plain text, allowing access to session cookies.

 

Websense Security Labs and our ThreatSeeker™ Network are constantly monitoring for these threats occurring in the wild.

 


Microsoft patches 15 important vulnerabilities
Posted by Tamas Rudnai on 15 September 2011 07:15 PM

This month, Microsoft issued 5 security bulletins covering 15 vulnerabilities in Excel and Windows. These updates are considered important rather than critical, as by the time of the patch there was no malicious code exploiting the vulnerabilities in the wild. Adobe also released a security bulletin patching 13 vulnerabilities in Acrobat Reader. Websense® Security Labs highly recommends applying the updates in order to avoid cyber criminals who may use these security holes for their malicious activities.

 

Arguably the most important bulletin is MS11-072, which targets five different vulnerabilities in Microsoft Office. An attacker could use any of these to execute arbitrary code on the computer with the same access rights as the user. This is a focus for any security researcher, as hackers are constantly looking for newer ways to distribute their badware. Such issues are probably getting more and more headlines as Adobe's sandboxing system and regular security patches seem to be paying off, meaning an up-to-date system is much less prone to successful exploitation of vulnerabilities in PDFs.

This does not mean, of course, that we will see no more vulnerabilities in Acrobat Reader. This Tuesday Adobe issued a security bulletin too, fixing 13 vulnerabilities in their product. Each of the vulnerabilities could allow an attacker to execute code on the host computer, allowing them to take full control of it. This patch is rated as critical, therefore it is strongly recommended to apply it.

Also worth mentioning is that many companies have updated their DigiNotar certificates - Microsoft, Adobe, and even Mozilla Firefox issued the updates. Firefox even released an additional security patch targeting this issue. Please check that you have applied the latest updates so you are fully protected.

 

Is your organization using the latest Firefox 6 or Internet Explorer 9? Which one did you find more secure? Give us your thoughts in the comments.

 

Vulnerabilities patched by Microsoft on 13 September 2011:

MS11-070 WINS Local Elevation of Privilege Vulnerability (CVE-2011-1984)

MS11-071 Windows Components Insecure Library Loading Vulnerability (CVE-2011-1991)

MS11-072 Excel Use after Free WriteAV Vulnerability (CVE-2011-1986)

MS11-072 Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1987)

MS11-072 Excel Heap Corruption Vulnerability (CVE-2011-1988)

MS11-072 Excel Conditional Expression Parsing Vulnerability (CVE-2011-1989)

MS11-072 Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1990)

MS11-073 Office Component Insecure Library Loading Vulnerability (CVE-2011-1980)

MS11-073 Office Uninitialized Object Pointer Vulnerability (CVE-2011-1982)

MS11-074 XSS in SharePoint Calendar Vulnerability (CVE-2011-0653)

MS11-074 HTML Sanitization Vulnerability (CVE-2011-1252)

MS11-074 Editform Script Injection Vulnerability (CVE-2011-1890)

MS11-074 Contact Details Reflected XSS Vulnerability (CVE-2011-1891)

MS11-074 SharePoint Remote File Disclosure Vulnerability (CVE-2011-1892)

MS11-074 SharePoint XSS Vulnerability (CVE-2011-1893)

 

Vulnerabilities patched by Adobe on 13 September 2011:

Local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).

Security bypass vulnerability that could lead to code execution (CVE-2011-2431).

Buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).

Heap overflow vulnerability that could lead to code execution (CVE-2011-2433).

Heap overflow vulnerability that could lead to code execution (CVE-2011-2434).

Buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).

Heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).

Heap overflow vulnerability that could lead to code execution (CVE-2011-2437).

Stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).

Memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).

Use-after-free vulnerability that could lead to code execution (CVE-2011-2440).

Stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).

Logic error vulnerability that could lead to code execution (CVE-2011-2442).

 

Websense Security Labs and our ThreatSeeker Network are constantly monitoring for these threats occurring in the wild.

 

